Arch Linux Security Advisory ASA-201606-10 ========================================== Severity: Medium Date : 2016-06-10 CVE-ID : CVE-2016-4456 Package : gnutls Type : arbitrary file overwrite Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package gnutls before version 3.4.13-1 is vulnerable to arbitrary file overwrite. Resolution ========== Upgrade to 3.4.13-1. # pacman -Syu "gnutls>=3.4.13-1" The problem has been fixed upstream in version 3.4.13. Workaround ========== None. Description =========== Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed in GnuTLS 3.4.13 by switching to secure_getenv() where available. Impact ====== A local attacker is able to overwrite arbitrary files with a setuid program using GnuTLS by setting the GNUTLS_KEYLOGFILE environment variable. References ========== https://access.redhat.com/security/cve/CVE-2016-4456 http://gnutls.org/security.html#GNUTLS-SA-2016-1